According to the ICO, “…it is the person setting the cookie who is responsible for compliance although the website has a part to play”.

In practice, the ownership of cookies on a page can go through a series of commercial and technical relationships. For example, a tag from DoubleClick administered by an agency might then incorporate several third-party tags from media networks that in turn set a whole set of cookies.

The website owner needs to establish some control over what third party tags are used on their site, so that the web user has clear and up to date information.

Cookie audits

66% of the retailers surveyed are carrying out cookie audits, sllghtly higher than the 54% from our survey carried out in March.

This is the first basic step towards complying with the cookie law and it is worrying that 34% are yet to do anything to comply. At the very least, a cookie audit does at least enable retailers to claim that they have taken some action.

In addition, 67% are updating their privacy policies, and the clarity of this information is also key.

For example, John Lewis has now moved its privacy and cookie policy to a more prominent position on the site, and this links to detailed information about cookies.

Compliance is still not precisely defined - and even the ICO is unclear about differences between cookies and spyware.

It's easy for EU legislators and ICO to sit back, eat lunch in taxpayer-funded meeting rooms and say: "Oh, I think we will make a law about that."

Internet surfers and website visitors + customers should be confident and have trust using the Web - but using EU law is bureaucratic overkill, more likely to harm than help.

I know I've made this point before but to emphasise... For all website visitors to have to agree to cookie use on hundreds and thousands of websites on websites (only in the EU, mind) is plain daft.

It's bad enough having to accept reams of legal terms and security notices (that no-one reads) for applications such as iTunes and Windows... but to have to do this time and again for every website we visit will drive people off websites, an area enjoying some economic progress.

over 5 years ago

Russ

Regarding the headline 34%, seems to me that 'compulsory popups to drive consent', i.e. "tick this box or go away", is the worst possible mechanism, since it could simply be a way ('non-informed, enforced consent') of avoiding notifying what cookies are being set.

The research we carried out showed that 2/3rds of respondents were carrying out cookie audits and make their privacy information better and more accessible. The first stage, as you rightly point out, is to make the user aware of the cookies you use or at least make them aware of the resource to find out as much as they want about the cookies (and in the case of the john lewis example probably much more than they need!). This "education" and openness is more likely to make them trust your brand more than make them overnight online marketing experts but that's what you want.

Strong privacy policies, opt outs etc have been a requirement and best practice for many years now. However it's important to make them prominent to users, not hidden away like most have been for years. Then once you decide the best way to gain implicit consent, as and when you want/need to implement this, your users trust levels are a high as they possible can be (obviously this should be within the next month but we all know no-one wants to be first and get themselves a competitive disadvantage)

Having a clear link within the opt-in mechanism for them to read about all the cookies, should they wish, is obviously best practice.

In the end users do want clean, nice to use, personalised site experiences as econsultancies' own consumer research showed. Being followed round the net with products they looked at but didn't want to buy and still don't might be a different story....

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.